logcheck/ignore.d.server/local



^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amandad\[[0-9]+\]: connect from
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: local delivery: <[^[:space:]]*> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: spam from=(<[^>]+>|\(\?\)), to=(<[^>]+>,)+ quarantine spam-[0-9a-f-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^>]*>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: spam_scan: whitelisted sender <[^[:space:]]+>, spam check skipped$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \(root\) CMD \(test -e /usr/sbin/anacron || run-parts --report /etc/cron.(daily|weekly|monthly)\) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Anacron 2.3 started on [0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' started$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Jobs will be executed sequentially$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Updated timestamp for job `cron.(daily|weekly|monthly)' to [0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Lame delegation
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Lame server on '[^[:space:]]+' \(in '[^[:space:]]+'\?\): \[[\.0-9]+\]\.[0-9]+ '[^[:space:]]+'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Response from
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: reloading
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Cleaned cache of [0-9]+ RRsets$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Sent NOTIFY for [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: approved AXFR from [^[:space:]]+ for [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone transfer \(AXFR\) of [^[:space:]]+ to [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: suppressing duplicate notify$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: USAGE [0-9]+ [0-9]+ CPU=[\.0-9]+u/[\.0-9]+s CHILDCPU=[\.0-9]+u/[\.0-9]+s$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+( (38|A|AAAA|ANY|AXFR|CNAME|IXFR|MX|NS|PTR|SOA|TXT)=[0-9]+)*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: XSTATS [0-9]+ [0-9]+( (RR|RNXD|RFwdR|RDupR|RFail|RFErr|RErr|RAXFR|RLame|ROpts|SSysQ|SAns|SFwdQ|SDupQ|SErr|RQ|RIQ|RFwdQ|RDupQ|RTCP|SFwdR|SFail|SFErr|SNaAns|SNXD|RUQ|RURQ|RUXFR|RUUpd)=[0-9]+)*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [\.0-9.]+#[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Received NOTIFY answer
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (master |slave )?zone "[^[:space:]]+" \(IN\) loaded \(serial [0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (ns_forw|ns_resp|sysquery): query\([^[:space:]]+\) (NS points to CNAME \([^[:space:]]+\)|No possible A RRs|All possible A RR's lame|Bogus LOOPBACK A RR \([^[:space:]]+\))( learnt \([^[:space:]]+\))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client [\.0-9.]+#[0-9]+: transfer of '[^[:space:]]+/IN': AXFR(-style IXFR)? started$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone [^[:space:]]+: transfered serial [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: transfer of '[^[:space:]]+' from [^[:space:]]+: end of transfer$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone [^[:space:]]+/IN: sending notifies \(serial [0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: rcvd NOTIFY\([^[:space:]]+, IN, SOA\) from \[[\.0-9]+\]\.[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: late CNAME in answer section for [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unrelated additional info '[^[:space:]]+' type A from \[[\.0-9]+\]\.[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: Connection, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGIN, user=.*, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGOUT, user=.*, ip=\[::ffff:.*\], top=.* retr=.*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: Disconnected, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: TIMEOUT, user=.*, ip=\[::ffff:.*\], top=0, retr=0
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Connection, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: LOGIN, user=.*, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: LOGOUT, user=.*, ip=\[::ffff:.*\], top=.*, retr=.*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: TIMEOUT, user=.*, ip=\[::ffff:.*\],top=.*, retr=.*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imaplogin: Connection, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imaplogin: LOGIN, user=.*, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imaplogin: LOGOUT, user=.*, ip=\[::ffff:.*\], headers=.* body=.*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imaplogin: DISCONNECTED, user=.*, ip=\[::ffff:.*\].*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: LOGOUT, user=.*, ip=\[::ffff:.*\], headers=.* body=.*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: Connection, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: LOGIN, user=.*, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: DISCONNECTED, user=.*, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ircd\[[0-9]+\]: ircd exiting: autodie$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ircd\[[0-9]+\]: Server Ready$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (ircd\[[0-9]+\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on [^[:space:]]+ to [\.0-9]+ port 67( interval [0-9]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: bound to [\.0-9]+ -- renewal in [0-9]+ seconds\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: irda0: unknown hardware address type 783$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Abandoning IP address [\.0-9]+: pinged before offer ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: BOOTREQUEST from [0-9a-f:]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+( \([^\)]+\))? via eth[0-9]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK to [\.0-9]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [0-9a-f:]+( \([^\)]+\))? via eth[0-9]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPINFORM from [\.0-9]+( via eth[0-9]+)? ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPRELEASE of [\.0-9]+( from [0-9a-f:]+( \([^\)]+\))? via eth[0-9]+( \(found\))?)? ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [\.0-9]+( \([\.0-9]+\))? from [0-9a-f:]+( \([^\)]+\))? via eth[0-9]+(: (unknown lease [\.0-9]+|wrong network)\.)? ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: ICMP Echo reply while lease [\.0-9]+ valid. ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\. ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: accepting packet with data after udp payload. ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: ip length 576 disagrees with bytes received 590. ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ (\(non-rfc1048)\) ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ \([0-9a-f:]+\) via eth[0-9]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\. ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: run_pictures: Directory [^[:space:]] does not exist\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: Pingning af.* mislykkedes, deaktiver terminal!
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: \(child [0-9]+\) gdm_slave_xioerror_handler: Fatal X-fejl - genstarter [0-9:\.]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: run_pictures: /usr/share/pixmaps er ikke ejet af uid [^[:space:]]\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: run_pictures: Mappen [^[:space:]] eksisterer ikke\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /etc/hotplug/net.agent: assuming ppp[0-9] is already up$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /etc/hotplug/net.agent: invoke if(up|down) ppp[0-9]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /etc/hotplug/usb.agent: Setup [^[:space:]]+ for USB product [0-9a-f/]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ modprobe: modprobe: Can't locate module (keybdev|mousedev|usbcore)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING| ANSWERING| RECEIVING| MODEMWAIT)+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF, .* line/mm, (1|2)-D MR(, [0-9]+ bit/s)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+"( "")+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION  DEVICE '[^[:blank:]']+'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: Login [0-9\.]+ to [^[:space:]]+ as [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [[:alnum:]]+: /dev/gpmctl: No such file or directory$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [[:alnum:]]+: /dev/gpmctl: Ingen s�dan fil eller filkatalog$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_limits\[[0-9]+\]: default limits skipped for 'root'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnu-imap4d\[[0-9]+\]: Incoming connection opened$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnu-imap4d\[[0-9]+\]: connect from [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnu-imap4d\[[0-9]+\]: User '[[:alnum:]]+' logged in$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnu-imap4d\[[0-9]+\]: Session timed out for user: [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnu-imap4d\[[0-9]+\]: got signal Alarm clock$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd.*: Reclaiming( REQUESTed) abandoned IP address [\.0-9]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd.*: already acking lease
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd.*: send_packet: Connection refused
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd.*: fallback_discard: Connection refused
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: isdn_net: call from [,0-9]+ -> [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: isdn_net: Service-Indicator not [0-9], ignored$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Packet log: input DENY .*:(137|138) .*:(137|138) .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=(13[789]|445) .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.usb\[[0-9]+\]: found depended module="[[:alnum:]]+"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.(usb|net)\[[0-9]+\]: try expanding "\[net\]"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.(usb|net)\[[0-9]+\]: dependent\(net\) is found$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.(usb|net)\[[0-9]+\]: net device is (added|removed|(un)?register(e)?d)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.(usb|net)\[[0-9]+\]: Execuing "net" "(stop|start)"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[0-9]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: Auto-save of retention data completed successfully\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: LOG ROTATION: DAILY $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: afp_alarm: child timed out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: E:Default: atp_rresp: Connection timed out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: E:Default: dsi_stream_read\(-1\): Connection reset by peer$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: E:Default: dsi_stream_write: Broken pipe$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): (No such file or directory|No such process|Permission denied)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: (registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: Connection terminated$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: logout [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: session from [\.:0-9]+ on [\.:0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:Default: (server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:Default: ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:Default: CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:Default: asp_alrm: [0-9]+ timed out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: login noauth$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ done$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ for "[^"]+" from [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: Auto-save of retention data completed successfully\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: Caught SIGTERM, shutting down\.\.\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: Entering active mode\.\.\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: NetSaint [\.0-9]+ starting\.\.\. \(PID=[0-9]+\) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: NFS mount of /[^[:space:]]+ attempted from [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: /[^[:space:]]+ has been mounted by [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc\.mountd: authenticated unmount request from [\.0-9]+:[0-9]+ for /[^[:space:]]+ \(/[^[:space:]\)]+\) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: peripheral low-power state$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: paper out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: error cleared$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: powered up$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: ready to print$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [0-9A-F]+ 400 DHCP SERVER Offered         \| Offering: [\.0-9]+  To: [0-9A-F]+  By: [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kern_enable is 1$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time discipline status [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: precision = [0-9]+ usec$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: signal_no_reset: signal 13 had flags [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: using kernel phase-lock loop [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: ntpd [\.0-9]+ [a-zA-Z]+ [a-zA-Z]+ [0-9]+ [0-9:]+ UTC 200[2-9]+ \(2\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop-before-smtp\[[0-9]+\]: (opening|closing) relay for [\.0-9]+( --- not in mynetworks)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: table has changed -- exiting$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: warning: premature end-of-input from cleanup socket while reading input attribute name$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/master\[[0-9]+\]: reload configuration$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^>]*>, status=expired, returned to sender$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/postfix-script: refreshing the Postfix mail system$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\]$

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection (reset by peer|timed out)|read timeout|server dropped connection|No route to host) +\(port 25\)$

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSL|TLS)v[123] with cipher [^[:space:]]+ \([0-9/]+ bits\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from [^[:space:]]+\[[\.0-9]+\]: 0
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [0-9]+:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1\.c:100:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [0-9]+:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:s3_srvr\.c:1833:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: too many errors after RCPT from [^[:space:]]+\[[\.0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host not found$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [\.0-9]+ in address->name lookup for [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: to=<[^>]*>, relay=none, delay=[0-9]+, status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: abort on \(.*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: expect \(.*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: send \(AT.*\^M\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]:  -- got it$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: AT.*\^M\^M$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: \^M$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: CONNECT$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: OK$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: send \(\\d\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: No certificate files found! $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP (login timed out|no transfer timeout), disconnected\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session (closed|opened)\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: (Login successful\.|no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: connect from [\.0-9]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpld\[[0-9]+\]: client [:a-f0-9]+ requested block [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[/0-9]+ [0-9:]+, [0-9]+\] lib/util_sock.c:read(_socket)?_data\([0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ : nfsmounter: mounted /sfs/\.linuxmnt/[^[:blank:]]+:[0-9a-z]+/r$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ : sfsrwcd: [^[:blank:]]+:[0-9a-z]+ deleted$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ : sfsauthd: serving [^:]+:[0-9a-z]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ : sfssd: accepted connection from [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: Creating default_prefs
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: connection from .* at port
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: clean message for
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: identified spam for
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: skipped large message in
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]:   Finished.  Wrote [0-9]+ entries\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]:   Took [\.0-9]+ seconds \( *[\.0-9]+ entries/sec\)\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: (Closing Pinger socket|Pinger socket opened) on FD [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: (access|store)LogRotate: Rotating(\.)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: NETDB state saved;$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: helperOpenServers: Starting [0-9]+ '.*' processes
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: logfileRotate: /var/log/squid/(access|store).log $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: storeDirWriteCleanLogs: Starting\.\.\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+' $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: syslogin_perform_logout: logout\(\) returned an error$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Could not reverse map address .*\.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection closed by .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Did not receive ident(ification)? string from [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: scanned from [\.0-9]+ with SSH-1\.0-SSH_Version_Mapper\.  Don't panic\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Your ssh version is too old and is no longer supported\.  Please install a newer version\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (keyboard-interactive|password|publickey) for [[:alnum:]]+ from [\.0-9]+ port [0-9]+( ssh2)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line 15: can't verify hostname: gethostbyname(.*) failed
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [\.0-9]+: 11: Disconnect requested by Windows SSH Client.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sSMTP mail\[[0-9]+\]: .* sent mail for root
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd [\.#0-9]+: restart \(remote reception\)\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.tftpd\[[0-9]+\]: RRQ from [\.0-9]+ filename [^[:space:]]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.tftpd\[[0-9]+\]: tftp: client does not accept options 
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: check pass; user unknown$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_.*: .* session (opened|closed) for user .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: ANSWER: Can not lock modem device
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnome-name-server\[[0-9]+\]: server_is_alive: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipppd\[[0-9]+\]: Connect\[0\]: /dev/ippp[0-9], fd: 12
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:net2all:DROP:.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: lp[0-9]: compatibility mode
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Undo( partial)? (Hoe|loss|retrans)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: offline or intervention needed
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:all2all:REJECT:.*SRC=192.168.103.17 DST=192.168.101.2 .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:all2all:REJECT:.*SRC=192.168.103.248 DST=192.168.101.22 .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hda: status timeout: status=0xd0 \{ Busy \}
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hda: no DRQ after issuing WRITE
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ide0: reset: success
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [\.0-9-]* .
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [\.0-9-]+ s
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ portsentry\[[0-9]+\]: attackalert: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   process_local_message: unknown UDP message command code \([0-9a-f]+\) - ignoring. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out)) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   yield_connection: tdb_delete for name  failed with error Record does not exist\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   [^[:space:]]+ \([\.0-9]+\) couldn't find service c $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:  api_srv_net_share_add: Failed to unmarshall SRV_Q_NET_SHARE_ADD. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:  prs_mem_get: reading data of size 4 would overrun buffer. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_(pipe.c:api_rpcTNP|srvsvc.c:api_srv_net_share_add))\([0-9]+\) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:(find_service|make_connection))\([0-9]+\) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] LOG:  connection received: host=\[local\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] LOG:  connection authorized: user=postgres database=template1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\]  Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: warning - MIME::Parser error: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ -- MARK -- $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \(root\) CMD \(test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck\) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for illegal user [^[:space:]]+ from [.0-9]+( port [0-9]+ ssh2)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ucd-snmp\[[0-9]+\]: Connection from .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ uptimed: moving up to position [0-9]+: [0-9]+ days, [0-9:]+